I suppose that writing a website that degrades gracefully basically means double the normal amount of testing. One test with JS on, and one with it off. So, for a site that expects to run without JS often, it might be more economical for the developer, to just do without it altogether.
-- David L. Willson Teacher, Engineer, Evangelist RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA Mobile 720-333-LANS(5267) This is a good time for a r3VOLution. ----- Original Message ----- > > Designing a site with no JavaScript limits its capabilities. If one > wants to be protected from JavaScript, the solution is to run with > it disabled in the browser. > > Instead of eliminating JS completely from websites, the expectation > should be that they degrade gracefully for those who have chosen to > disable it. If the server gets hacked malicious JS could still be > added to the site regardless of whether the site uses it > legitimately or not. > > While it is code from a remote source, it is mostly sandboxed and > without other unpatched exploits there isn't that much that JS can > do to you all by itself. > > K. > > > > > On Dec 19, 2013, at 4:28 PM, Kevin O'Brien <[email protected]> > > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > >> On 12/19/2013 04:57 PM, Keith Murray wrote: > >> Maybe you covered this already, but why are we eliminating > >> JavaScript? > > > > It is a security nightmare. You are allowing a remote web site to > > run > > code on your machine. > > > > Regards, > > > > > > - -- > > Kevin B. O'Brien > > [email protected] > > http://google.me/+kevinobrien > > There's a difference between tempting fate and giving it a lap > > dance. > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.14 (GNU/Linux) > > > > iQEcBAEBAgAGBQJSs48cAAoJEM6rrjCMwv1Z/awH/ROprzdDxeHi2IuKSXmkz+IJ > > k6oD5s6DJf0uVb/12H3zoAIC45zZsXporxB9HhdyVeCTivFUbzTn8vKx6Ls315Zx > > lJPMK6+/w5CP6IuSvVzdlNB/tPAx6DVso/KosP7onpC8aZn5S3nfty5hmw/xjg/Q > > qECHW2sp8DNRW4srREUjErCa9prTNrj4wiLBwHmr3alOLFJgWZEIMvLJw7vjfJfb > > XT+5FyjCabBiPyXqPgWfcB0O/AM+JeEwaRPsZ7TGZpVDesAQiCDQg+qV5KFj292V > > LJm7DJJ62ruukfOTOLk0LXhHkVz/N25EdPmfJsd1Mnhzc2Zp5Or4B2Iqgnz4LUA= > > =vWMA > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Hpr mailing list > > [email protected] > > http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org > > _______________________________________________ > Hpr mailing list > [email protected] > http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org > _______________________________________________ Hpr mailing list [email protected] http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org
